[BUGFIX] IMAGE content object accepts directories 86/25286/7
authorTomita Militaru <militarutomita@gmail.com>
Mon, 11 Nov 2013 20:25:29 +0000 (22:25 +0200)
committerMarkus Klein <klein.t3@reelworx.at>
Thu, 30 Oct 2014 20:20:19 +0000 (21:20 +0100)
Adds checks for file existence to avoid returning directory
paths instead of path to file.

Resolves: #51781
Releases: master, 6.2
Change-Id: I8f879f38b95e6d9562a8883d35664550d8fa8774
Reviewed-on: http://review.typo3.org/25286
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/core/Classes/TypoScript/TemplateService.php
typo3/sysext/core/Tests/Unit/TypoScript/TemplateServiceTest.php

index dfebd16..e1443aa 100644 (file)
@@ -1127,7 +1127,7 @@ class TemplateService {
 
                // if this is an URL, it can be returned directly
                $urlScheme = parse_url($file, PHP_URL_SCHEME);
-               if ($urlScheme === 'https' || $urlScheme === 'http') {
+               if ($urlScheme === 'https' || $urlScheme === 'http' || is_file(PATH_site . $file)) {
                        return $file;
                }
 
index 226d090..b6e87de 100644 (file)
@@ -41,7 +41,9 @@ class TemplateServiceTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        protected function setUp() {
                $GLOBALS['TYPO3_LOADED_EXT'] = array();
                $this->templateService = new \TYPO3\CMS\Core\TypoScript\TemplateService();
+               $this->templateService->tt_track = FALSE;
                $this->templateServiceMock = $this->getAccessibleMock('\\TYPO3\\CMS\\Core\\TypoScript\\TemplateService', array('dummy'));
+               $this->templateServiceMock->tt_track = FALSE;
        }
 
        /**
@@ -151,4 +153,34 @@ class TemplateServiceTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                $this->templateServiceMock->updateRootlineData($newInvalidRootline);
        }
 
+       /**
+        * @test
+        */
+       public function getFileNameReturnsUrlCorrectly() {
+               $this->assertSame('http://example.com', $this->templateService->getFileName('http://example.com'));
+               $this->assertSame('https://example.com', $this->templateService->getFileName('https://example.com'));
+       }
+
+       /**
+        * @test
+        */
+       public function getFileNameReturnsFileCorrectly() {
+               $this->assertSame('typo3/index.php', $this->templateService->getFileName('typo3/index.php'));
+       }
+
+       /**
+        * @test
+        */
+       public function getFileNameReturnsNullIfDirectory() {
+               $this->assertNull($this->templateService->getFileName(__DIR__));
+       }
+
+       /**
+        * @test
+        */
+       public function getFileNameReturnsNullWithInvalidFileName() {
+               $this->assertNull($this->templateService->getFileName('  '));
+               $this->assertNull($this->templateService->getFileName('something/../else'));
+       }
+
 }